This invention relates to an apparatus and method for distributing keys in a cryptographic system and more particularly to an apparatus and method for distributing keys in a public key system utilized in a postage metering environment.
Digital printing technology has enabled mailers to implement digital, i.e. bit map addressable, printing for the purpose of evidencing payment of postage. Advances in digital printing technology have made it possible to print on a mailpiece a postage indicium that is unique to the mailpiece. The indicium is unique because it includes information relating directly to the mailpiece, for example, postage value, date, piece count, origin postal code and/or destination postal code (referred to herein as indicium information or indicium data). However, from the Postal Service's perspective, it will be appreciated that the digital printing and scanning technology make it fairly easy to counterfeit a postal value bearing indicium since any suitable computer and printer may be used to generate multiple copies of an image once generated.
In order to validate an indicium printed on a mailpiece, that is to ensure that accounting for the postage amount printed on a mailpiece has been properly done, it is known to include as part of the indicium encrypted information such that, for instance, the value of the postage may be verified from the encrypted information. The encrypted information is created through the use of a secret (private) key stored in the postage meter. The encrypted information is then used at a verifying site together with the secret key (secret key system) or alternatively with a corresponding public key (public key system) to verify the authenticity of the printed indicium.
Regardless of whether a public or secret key system is utilized, one of the main security concerns is the protection of the secret or private keys. If the cryptographic keys are not generated, disseminated, stored, used, and ultimately destroyed in a secure manner, then the security afforded by the cryptographic algorithms in use cannot be guaranteed. Thus, if a private key is compromised, all of the secure devices that utilize that private key are compromised. Accordingly, key management is an essential component of the overall security of any cryptographic system.
The United States Postal Service (USPS) has proposed two different public key distribution systems for information-based postage metering. The Information-Based Indicia Program (IBIP) Key Management Plan (Draft of Apr. 25, 1997) calls for a system with a live database in which each postage meter creates a random unique private key. This is a very secure system, but requires a significant certificate authority infrastructure to support authenticated key distribution from the postage meter to the mail piece indicia verifiers. On-the-other-hand, the USPS Closed Postage Payment System (CPPS) Key Management Plan (Draft of Feb. 13, 1998), calls for the postage meter provider to generate and distribute a set of public and private keys indexed by a group key number. In this scenario, many postage meters share the same group key. The weakness of this system is that if a postage meter is lost or stolen, then the Postal Service must assume that an attacker has compromised the corresponding group's private key. Therefore, the provider must recover and rekey all postage meters in the group. In both of the aforementioned systems, the postage meter is designed to be tamper resistant, as defined in the U.S. government standard FIPS pub 140-1. The design of secure postage meters makes the problem of obtaining a key from a postage meter difficult, although it is never insurmountable.
In CPPS, the assignment of a large group of postage meters to a common group key number reduces the complexity of the infrastructure as compared to the IBIP system, at the cost of reduced security. That is, the verifier need only know the small set of group public keys because the indicium contains the group key number. The verifier recovers the group key number from the specific indicia and looks up the corresponding group public key. The verifier can then check the authenticity of the signature of the indicia, which signature is based on the postage meter private key. However, the physical security of every postage meter in a key group is the only assurance that a group private key is only used to provide valid evidence of postage paid. If an attacker compromises a postage meter, then she can imitate any other postage meter in the same group. In a given year about one percent of postage meters are lost due to causes including theft, mailer moved, mailer's company closes, or simple misplacement. If a key group contains one thousand postage meters, then on the average ten of these may be missing during a given year. The postage meter group will therefore need rekeying an average of ten times per year.
In IBIP, the postage meter generates its private key using an internal random number generator to seed a key generation algorithm. The postage meter then calculates the public key and sends it to the IBIP infrastructure. The IBIP certificate authority signs a certificate with the postage meter number, postage meter license number, postage meter public key, and other data. The IBIP infrastructure returns the certificate to the postage meter, which then activates the public key. The USPS must distribute this public key certificate to verifiers to allow indicia verification. Many postage meters are introduced into service and many other postage meters are removed from service every day. The distribution of an up-to-date set of public keys to verifiers is a challenging problem. However, the system has the significant advantage that if an attacker breaks into one postage meter, he does not gain any knowledge that allows him to imitate another postage meter.
It is therefore apparent from the above that what is needed is a key generation and distribution system which provides increased security over the proposed CPPS and at the same time requires less infrastructure to manage as compared to the proposed IBIP.